[systemd-devel] sd-boot setup and PCRs
Lennart Poettering
lennart at poettering.net
Mon Jun 19 15:21:25 UTC 2023
On So, 18.06.23 20:56, Felix Rubio (felix at kngnt.org) wrote:
> Hi everybody,
>
> After some days offline, today I have gone through the emails exchanged a
> couple of weeks ago and agreed: UKI is the way to go. Last time I checked
> about it I read about possible problems related to when some modules would
> be loaded and so on, but I see that my knowledge was outdated.
>
> This said, right now my setup looks like: SecureBoot is enabled, I am using
> Shim, Systemd-Boot as shim's second stage, and a UKI. As the disk is
> encrypted, for now I am making the decryption predicated on PCRs 7 and 14,
> so that the decryption will only fail when either SB state changes, or when
> shim certificates/hashes change. So far so good.
>
> Out of curiosity now, I am wondering: what would happen in case somebody
> boots the system from, e.g., a USB drive that contains a signed image? Even
> if the shim is the same version, I assume it will fail to unlock because the
> MOK will not contain my certificate? Should that certificate have been stolen
> and be present, would that be enough to then unlock the disk?
MOK is persisted in an EFI var, hence it doesn't matter what you boot
from, the MOK db will be the same.
Hence if that UKI on the usb drive is signed by some key that is in
your MOK then this will just be accepted and get access to your keys.
> I am trying to assess if I should put in the mix PCR 4, so that I can keep
> track of the UKI image that gets loaded. Do you guys think this would be
> needed, or is overkill?
If you use UKIs, bind to the signature for PCR 11.
Lennart
--
Lennart Poettering, Berlin
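The difference between the two bindings discussed in this thread (a fixed PCR 4 value as Felix proposes, versus PCR 11 bound to a signed prediction as Lennart advises), as an added example that is not code from the thread or from systemd. It is a stdlib-only Python model: the TPM extend arithmetic is real, but the section measurement order, the PCR 4 contents and the boot-phase names are simplified assumptions, and an HMAC stands in for the RSA signature that ukify/systemd-measure would produce with the key pair given to ukify --pcr-private-key=/--pcr-public-key= and enrolled with systemd-cryptenroll --tpm2-public-key=. All UKI contents and keys are constructed sample data.

```python
"""Model of PCR-bound unlock policies: PCR-value binding vs. PCR 11 signature
binding.  Added example, not systemd code; measurement order, phase names and
the HMAC 'signature' are simplifying stand-ins (see comments)."""
import hashlib
import hmac
import json
from typing import Optional

PCR_INIT = bytes(32)  # SHA-256 bank: PCRs start out all zeros
PHASES = ["enter-initrd", "leave-initrd", "sysinit", "ready"]  # systemd-pcrphase strings
UNLOCK_PHASE = "enter-initrd"  # the root volume is unlocked inside the initrd


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def predict_pcr4(executed_images: list) -> bytes:
    """PCR 4 (modelled): firmware measures every EFI binary it launches, so the
    value changes with every shim, sd-boot or UKI update."""
    pcr = PCR_INIT
    for img in executed_images:
        pcr = pcr_extend(pcr, img)
    return pcr


def predict_pcr11(sections: dict, phases: list) -> dict:
    """PCR 11 (modelled): sd-stub measures each UKI section, then each boot
    phase string is extended as the boot passes it.  Returns the expected
    value at every phase; this per-phase table is what gets signed."""
    pcr = PCR_INIT
    for data in sections.values():  # assumption: sections measured in this order
        pcr = pcr_extend(pcr, data)
    expected = {}
    for phase in phases:
        pcr = pcr_extend(pcr, phase.encode())
        expected[phase] = pcr
    return expected


def sign_predictions(signing_key: bytes, predictions: dict) -> dict:
    """Stand-in for the signed prediction JSON shipped in the UKI's .pcrsig
    section.  A real setup uses an RSA private key; HMAC is used here only to
    keep the model stdlib-only, the verification logic is the same shape."""
    payload = {phase: val.hex() for phase, val in predictions.items()}
    msg = json.dumps(payload, sort_keys=True).encode()
    return {"pcrs": payload, "sig": hmac.new(signing_key, msg, "sha256").hexdigest()}


def unlock_pcr_value_policy(enrolled: dict, observed: dict) -> bool:
    """Plain PCR binding: every bound PCR must equal its value at enrollment."""
    return all(observed.get(i) == v for i, v in enrolled.items())


def unlock_pcr11_signature_policy(verify_key: bytes, observed_pcr11: bytes,
                                  sig_blob: Optional[dict]) -> bool:
    """Signature binding: PCR 11 may take any value for which a prediction
    signed by the enrolled key exists (TPM2_PolicyAuthorize on real hardware).
    A UKI signed by some other key, or a replayed old signature, does not help."""
    if sig_blob is None:
        return False
    msg = json.dumps(sig_blob["pcrs"], sort_keys=True).encode()
    expected_sig = hmac.new(verify_key, msg, "sha256").hexdigest()
    if not hmac.compare_digest(expected_sig, sig_blob["sig"]):
        return False
    return observed_pcr11.hex() in sig_blob["pcrs"].values()


def make_uki(kernel: bytes, cmdline: bytes, initrd: bytes) -> dict:
    return {".linux": kernel, ".cmdline": cmdline, ".initrd": initrd}


def scenario() -> dict:
    """Constructed boots: the enrolled UKI, a kernel update, and a foreign UKI
    that passes Secure Boot (key in MOK) but carries no owner-signed prediction."""
    owner_key = b"owner-pcr-signing-key (constructed)"      # the ukify --pcr-private-key
    attacker_key = b"attacker-pcr-signing-key (constructed)"
    shim, sd_boot = b"shim-image", b"systemd-bootx64.efi"
    uki_v1 = make_uki(b"vmlinuz-6.3", b"root=LABEL=root rd.luks", b"initrd-v1")
    uki_v2 = make_uki(b"vmlinuz-6.4", b"root=LABEL=root rd.luks", b"initrd-v2")
    rogue = make_uki(b"vmlinuz-rogue", b"init=/bin/sh", b"initrd-rogue")

    def pcr4(uki):  # PCR 4 sees the whole PE image; modelled as the joined sections
        return predict_pcr4([shim, sd_boot, b"".join(uki.values())])

    def pcr11(uki):
        return predict_pcr11(uki, PHASES)[UNLOCK_PHASE]

    enrolled = {4: pcr4(uki_v1)}  # policy A: PCR 4 value at enrollment time
    sig_v1 = sign_predictions(owner_key, predict_pcr11(uki_v1, PHASES))  # policy B
    sig_v2 = sign_predictions(owner_key, predict_pcr11(uki_v2, PHASES))
    sig_rogue = sign_predictions(attacker_key, predict_pcr11(rogue, PHASES))
    return {
        "pcr4_v1": unlock_pcr_value_policy(enrolled, {4: pcr4(uki_v1)}),
        "pcr4_v2_update": unlock_pcr_value_policy(enrolled, {4: pcr4(uki_v2)}),
        "pcr4_rogue": unlock_pcr_value_policy(enrolled, {4: pcr4(rogue)}),
        "pcr11sig_v1": unlock_pcr11_signature_policy(owner_key, pcr11(uki_v1), sig_v1),
        "pcr11sig_v2_update": unlock_pcr11_signature_policy(owner_key, pcr11(uki_v2), sig_v2),
        "pcr11sig_rogue": unlock_pcr11_signature_policy(owner_key, pcr11(rogue), sig_rogue),
        "pcr11sig_rogue_replayed": unlock_pcr11_signature_policy(owner_key, pcr11(rogue), sig_v1),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:28s} unlock={'yes' if ok else 'no'}")
```

The point the model makes: binding to a PCR 4 value rejects the rogue UKI but also rejects every legitimate kernel update until the volume is re-enrolled, while the PCR 11 signature policy accepts any UKI whose predictions were signed with the owner's PCR signing key and rejects the rogue one even though its Secure Boot signature is trusted via MOK, because the PCR signing key is a separate secret from the Secure Boot key. Whether a policy should additionally bind PCR 7 is a separate decision; this model leaves it out.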